MikaLendingBot
MikaLendingBot copied to clipboard
BitBotFactory
Discussion: Configuration web interface
Is it too crazy to think this bot could be configured via a web interface?
With sliders, input fields for the api keys, etc?
I am no web designer, but I can totally hack an html file for all the configuration options. But I wonder, would people want this? I find it tedious to have to change the config file just to switch up or down the minlending. or to see if something works or not.
The reason I've been avoiding this issue is security... currently the web interface is "read only" - that's simple with no risk for your API KEY or someone manipulating your bot.
Well, I used an apache proxy to set this up, so the web interface is actually protected by apache. I use a configuration file similar to this:
Listen 20001 https
<VirtualHost remote.host.ip:20001>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
<Proxy *>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/opt/pollenbot/.htpasswd"
Require valid-user
</Proxy>
ProxyPass / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/
</VirtualHost>
And I set the variable customWebServerAddress to 127.0.0.1:8000
That way the web page is password protected over SSL/TLS
Basic Authentication is nice for protecting access to private information (basically counting that attacker won't gain value), I wouldn't rely on it to protect API Access to my funds.
I was talking about telegram api keys. not poloniex ones. True, I would not trust my api key to be recovered over html, in fact, I would make that an option you can set but not one you can read. Makes sense?
The problem is that you need to give a write permission somewhere (an POST handler), which needs more security considerations... I do see this in the future, currently the effort to make it right (reduce the risk) is too high in my opinion.
I would prefer getting good Market Analysis so I don't need to change the configuration. :)
Oh, you mean something like "Run with this coin" and that it makes everything it can to get the maximum rate automatically? that sounds like a good idea and a more on the returns money than is convenient side. I like it.
What we could do, is start another web server that will only listen on local host and starts on a different port to the one we have.
Then if people wanted to expose that to the web, they'd
- Have to do it themselves.
- Hopefully know what they're doing.
I can definitely see the benefits of this for people who aren't comfortable with editing text files too. If we ever managed to get installable packages or hosted on PyPi, this would be really useful.
All the page really needs to do is write a file, we wouldn't need to hook straight into the variables in the bot. We could even leave out the Polo API keys if it was going to problematic.
That said, I'm definitely more focused on the market analysis stuff at the minute too.
We're already close to the feature you're talking about @kryztoval we've a basic version of MACD working, which builds upon the current market analysis tool.
@laxdog Amazing, and sounds good.
I market this as discussion because I guessed this would be low priority as it would be helpful but it is not important or urgent.
I think it would be really nice to have a configuration web interface. i can see the security-point and i would recommend this: web interface that outputs the content for the configuration-file. if you could create a html-file ( http://getbootstrap.com/components/ ), i would be happy to complete it.
I've started work on this on the FlaskWebServer branch
Still a lot more to do, though it should allow for updates to live config and also saving that to disk if required.